Bug 14408: Allow tmpl and empty in template paths

author Fridolin Somers <fridolin.somers@biblibre.com>

Tue, 23 Jun 2015 12:09:06 +0000 (14:09 +0200)

committer Fridolin Somers <fridolin.somers@biblibre.com>

Tue, 23 Jun 2015 12:16:58 +0000 (14:16 +0200)
author Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 12:09:06 +0000 (14:09 +0200)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 12:16:58 +0000 (14:16 +0200)
diff --git a/C4/Auth.pm b/C4/Auth.pm

index 1d3482e..851dc69 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -140,7 +140,7 @@ sub get_template_and_user {
     my ( $user, $cookie, $sessionID, $flags );
 
     my $safe_chars = 'a-zA-Z0-9_\-\/';
-    die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input
+    die "bad template path" if $in->{'template_name'} && $in->{'template_name'} !~ m/^[$safe_chars]+\.(tt|tmpl)$/ig; #sanitize input
 
     $in->{'authnotrequired'} ||= 0;
     my $template = C4::Templates::gettemplate(
author	Fridolin Somers <fridolin.somers@biblibre.com>
	Tue, 23 Jun 2015 12:09:06 +0000 (14:09 +0200)
committer	Fridolin Somers <fridolin.somers@biblibre.com>
	Tue, 23 Jun 2015 12:16:58 +0000 (14:16 +0200)